Installation Guide

Version 7.0

Installation and Configuration Guide

July 2007

DISCLAIMERSchneider Electric SA makes no representations or warranties with respect to this manual and, to the maximum extent permitted by law, expresslylimits its liability for breach of any warranty that may be implied to the replacement of this manual with another. Further, Schneider Electric SA reservesthe right to revise this publication at any time without incurring an obligation to notify any person of the revision.

COPYRIGHT© Copyright 2007 Schneider Electric SA. All rights reserved.

TRADEMARKSSchneider Electric SA has made every effort to supply trademark information about company names, products and services mentioned in this manual.

Citect, CitectHMI, and CitectSCADA are registered trademarks of Citect Pty. Ltd.

IBM, IBM PC and IBM PC AT are registered trademarks of International Business Machines Corporation.

MS-DOS, Windows, Windows NT, Microsoft, and Excel are either registered trademarks or trademarks of Microsoft Corporation in the United Statesand/or other countries.

DigiBoard, PC/Xi and Com/Xi are trademarks of Digi International Inc..

Novell, Netware and Netware Lite are are either registered trademarks or trademarks of Novell, Inc. in the United States and other countries..

dBASE is a trademark of dataBased Intelligence, Inc.

All other brands and products referenced in this document are acknowledged to be the trademarks or registered trademarks of their respective holders.

GENERAL NOTICESome product names used in this manual are used for identification purposes only and may be trademarks of their respective companies.

July 2007 edition for Vijeo Citect Version 7.0

Manual Revision Version 7.0.

For further information, contact your local Schneider Electric representative.

Contents

Chapter 1 IntroductionAbout This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

Purpose . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

Chapter 2 MigrationChanges in Functionality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Network Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3Converting from NetBIOS to TCP/IP . . . . . . . . . . . . . . . . . . . . . . . . . 3

New Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4Improved Support for Clustering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4Online Changes for Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4New Communications Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Local Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Publish Alarm Property . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Memory Mode for Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Persist Mode for Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Improved Hardware Alarms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Event Driven Cicode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6Dual Network Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6Project-Based Network Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6Cicode Functions in Version 7.0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

The Migration Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6Safe Changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6Changes Impacting Migration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Migration Aids . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Chapter 3 Installation DescriptionTask Selection Dialogs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Install Integrated Environment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9Install Standalone Environment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9Server Components. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Chapter 4 Installation RequirementsIntegrated Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Contentsiv

System Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12Standalone Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12Software Licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Updating Your Hardware Key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13Citect License Point Count . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14Demo Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Chapter 5 InstallationThe Installation Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Preliminary Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17Environment Selection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Install Integrated Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18Install Standalone Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Completing the Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19Installing the WebServer on Apache Tomcat . . . . . . . . . . . . . . . . . . . . . . . . 19Installing Service Packs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

When should I install a Service Pack? . . . . . . . . . . . . . . . . . . . . . . . 20How to install a Service Pack: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Modify, Repair, or Remove Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20Uninstall the Web Server on Apache Tomcat . . . . . . . . . . . . . . . . . . . . . . . . 21Uninstall a Service Pack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

Chapter 6 Configuration Local Area Network Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Network Communications Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23Using TCP/IP for network communications . . . . . . . . . . . . . . . . . . . 23

Configuring Communications Over a WAN . . . . . . . . . . . . . . . . . . . . . . . . . . 24LAN parameter settings to allow the use of TCPIP over a WAN . . . 24Internet parameter settings to enable FTP on an Internet Server . . 24

Web Server Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25The IIS Virtual Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Setting Up Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26Web Client user account types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27Configuring Security Using IIS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Client Type Access Rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27Configuring Client Account User Groups . . . . . . . . . . . . . . . . . . . . . 28Preparing the Web Server folder . . . . . . . . . . . . . . . . . . . . . . . . . . . 29Setting Access Rights for Client Accounts . . . . . . . . . . . . . . . . . . . . 30Deleting a User Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

Testing the Web Server Security Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . 31Logging on to the Web Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31Configuring Security Using Apache Tomcat . . . . . . . . . . . . . . . . . . . . . . . . . 32Logging on to the Tomcat Web Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Contents v

Index 35

Contentsvi

Chapter 1: Introduction

About This Guide

Purpose This document is a guide for installing Vijeo Citect for an Integrated or Stand Alone environment. It describes the installation process and optional components which can be installed in each environment.

The configuration section provides an overview of using Vijeo Citect in a Local Area Network (LAN), a Wide Area Network (WAN), and as a Web Server.

It includes information on the following aspects of installing Vijeo Citect:

Migration

Installation Description

Installation Requirements

Installation

Configuration

Audience This document is primarily for those who install Vijeo Citect, either on a single workstation or on a network. It is also useful for system administrators and new users of Vijeo Citect.

2

Chapter 2: Migration

This chapter describes changes in functionality and new features introduced in Vijeo Citect version 7.0 and how it may effect your installation and migration from a previous version. Migration information in this chapter covers only migration from Vijeo Citect version 6.x to version 7.0. If you are running a version earlier than 6.1 it is recommended that you upgrade to version 6.x before migrating to version 7.0.

Changes in Functionality

Network Support In order to incorporate the many benefits provided with the introduction of the New Communications Architecture in Vijeo Citect Version 7.0, it was necessary to remove the support for NetBIOS network communications. Version 7.0 only supports TCP/IP networking.

If you are currently using TCP/IP as your network protocol you may ignore this section. However, if you currently implement NetBIOS you must change your network communication over in your current version of Vijeo Citect to TCP/IP before installing Vijeo Citect Version 7.0.

Converting from NetBIOS to TCP/IPThis conversion is a two part operation. The first part is to convert each of your servers (Alarms, Reports, Trends). For the transition time that you are performing the conversion of your entire system you need to maintain network communication between your servers and your clients, this requires that your servers support both NetBIOS and TCP/IP for a brief period. Do this by directly editing the appropriate parameter in the LAN section of the Citect.ini file on each server. This can be done by using the Computer Setup Editor.

In order to support both NetBIOS and TCP/IP set the TCP/IP parameter to 1 in the Citect.ini file as shown below.

[LAN]

NetBIOS =1

TCPIP =1

You should also set the server parameters in the DNS section as described in the Version 6 on line help under the topic "Using TCP/IP for network communications " under the topic "Using Vijeo Citect on a Network".

Once you have configured all of your servers to use TCP/IP (and maintain NetBIOS) you should then edit the Citect.ini file on each of your client machines, set TCPIP=1 and NetBIOS=0 for each of those clients. You do not need to

4

maintain NetBIOS on the clients as they are now communicating with the servers using TCP/IP.

Note:

1 It is essential to set up your servers to use TCP/IP before you set up your cli-ent machines.

2 Once you have completed the conversion on all client machines, return to the Citect.ini file of each server and set the NetBIOS parameter to 0, so disabling NetBIOS on each server as this is now redundant.

On completion of the conversion described above to your existing system to use TCP/IP, you can then continue with the remainder of the The Migration Process and installation procedure to Version 7.0.

New FeaturesVijeo Citect version 7.0 includes the following new features or changes in functionality. In most cases these new features will not impact the installation or initial configuration. However, many of them may impact your project configuration and functionality. Once you have installed this version you should refer to the on line help for information on how to reconfigure your projects to take full advantage of the new features and improved functionality.

Improved Support for Clustering

The concept of "clustering" was introduced in an earlier version of Vijeo Citect. The original concept allowed the "grouping" of duplicated elements, and gave you the ability to cluster Alarms, Reports and Trends servers. However, there were limitations.

The concept of clustering has since evolved and has the advantage of greater flexibility and improved performance. Each of the servers (IO, Alarm, Trend and Report) has a unique name and is part of a Cluster. Each Cluster has a unique name and clients can refer to clusters by it.

A Vijeo Citect project can now include separate clusters allowing for geographical or logical divisions to be implemented in a single project.

How Vijeo Citect's clustering is best configured will always be a direct reflection of the system that is to be deployed, and in particular:

The requirements for the system

The physical layout of the facility

The strategy for maintenance and deployment of the system

Online Changes for Clients

Server decoupling allows changes to be implemented at runtime on clients without a shutdown of the client being required. Regardless of whether a server requires a restart for an online change, the client does not require a restart.

Clients currently contain a copy of Trend, Alarm and Variable Tags which has to match the server copy otherwise problems occur. In v7.0, the tag configurations only exist on the server. The client retrieves the configuration from the server when required and is notified by the server when changes occur.

5

The following list describes the on line changes that can be made without the client machine having to be restarted:

Adding Trends, Alarms, Alarm categories and Address based Variable Tags

Modifying a subset of properties of Trends, Alarms and Alarm categories

Modifying Address based Variable Tag properties

Deleting Address based Variable Tags

Adding and deleting pages and PAV files (except the current one)

Modifying pages and PAV files (except the current one)

Adding, deleting or modifying user profiles

New Communications Architecture

A new publish-subscribe architecture removes much of the need for polling. It is an enabling technology and a step towards improved performance, project deployment, server side online changes, and discovery services.

Local Variables Memory I/O devices have been removed from Vijeo Citect Version 7 and a new tag has been introduced called Local Variable to replace the “Memory PLC” based variable tag. A Local Variables allows you to store data in memory when you start your runtime system. Local variables are created each time your runtime system starts, and therefore do not retain their values when you shut down your system. They can be of any data type supported by Vijeo Citect.

Each process has its own copy of each local variable configured in the project, the values in a local variable are available only to the process that wrote them.

Publish Alarm Property Alarm devices were defined as devices with their Protocol field set to "Alarm". The function of these devices are now configured on an Alarm Server by setting the “Publish Alarm Properties” property to True.

Memory Mode for Devices

Devices can now be run in simulation mode. When configuring an I/O device, you have the option to set memory mode. This means that the I/O device will be created in memory and its values stored in memory at runtime.

This is useful when you are configuring a system for the first time, as you can design and test your system before using a physical I/O device in the system.

As with local variables, the values of an I/O device in memory mode are not retained when you shut down.

Persist Mode for Devices

When configuring an I/O device, you have the option to set persist mode. This means that the value of each variable in the I/O device is stored on the computer’s hard disk. Since the values are saved to disk, when you restart your system after a system failure or shutdown, the latest values are immediately available.

Persist mode is useful for status information or predefined data that is required as soon as the system restarts.

Improved Hardware Alarms

The limitation in previous releases of Vijeo Citect of only a single alarm from multiple alarm situations being displayed has been lifted. All and any alarms are

6

now displayed simultaneously, allowing for immediate response to all alarm states.

Event Driven Cicode Cicode can now be triggered by the change of a specific tag. This improves the efficiency of the Vijeo Citect system by removing the need to poll for changing tag values.

Dual Network Support Previous Vijeo Citect versions have been able to support redundant networks via NetBIOS. From version 7.0, users can specify multiple IP addresses for each server using only TCP/IP, providing native support for network redundancy.

Project-Based Network Configuration

In version 7.0, the project topology is embedded in the project, and network configuration can be performed from within the Project Editor. Servers and their IP addresses are set up in the Network Addresses dialog in the Project Editor.

This means that physical computers in the system can easily be changed. As long as the IP address or computer name of the new machine is the same as the one being replaced, the new computer will be able to immediately take the same role.

Cicode Functions in Version 7.0

Changes have been made Cicode functions in Vijeo Citect Version 7. These changes incorporated functions that have been added, modified or made redundant. For a detailed explanation of these changes refer to the “What's New in Vijeo Citect Version 7.0” topic of the Vijeo Citect on line help.

The Migration ProcessThere are a number of considerations that you must make before migrating your projects to Vijeo Citect version 7. These considerations relate primarily to the introduction of new features, or changes to existing functionality, as described earlier.

The following list identifies the changes which will not impact on your existing Vijeo Citect V6.x projects when they are migrated to this version. These changes can optionally be incorporated into your existing projects during later development, or may safely be ignored if they are of no benefit to the way that Vijeo Citect is used in your organization.

Safe Changes Improved Support for Clustering

Online Changes for Clients

New Communications Architecture

Memory Mode for Devices

Persist Mode for Devices

Improved Hardware Alarms

Event Driven Cicode

Note: It is optional for you to utilize the full capability of clustering, however after you have installed Vijeo Citect V7 you must create a minimum of one

7

cluster. For details on creating a cluster refer to the “Upgrading Procedure” topic in the Vijeo Citect on line help after you have installed the product.

Changes Impacting Migration

The following list identifies functionality changes that may impact migration of your existing projects to Vijeo Citect version 7.

Network Support

Local Variables

Publish Alarm Property

Dual Network Support

Project-Based Network Configuration

Cicode Functions in Version 7.0

In order to understand any implication these changes in functionality may have on your existing projects, refer to the “Upgrading to Vijeo Citect Version 7.0” topic in the Vijeo Citect on line help after you have installed the product.

Migration AidsIn order to assist in the migration of your existing projects Vijeo Citect provides two migration aids. One aid is an automatic update of the project database, the other is a manually invoked Migration Tool.

Automatic Update

The automatic update is carried out when you initially launch Vijeo Citect version 7. This update is a passive action which typically updates the database field definition for any database that has been changed between the two versions and copies new files that are required in version 7. Prior to the automatic upgrade proceeding you are given the option of cancelling the upgrade. The upgrade can be invoked at a later time by adjusting the Update parameter in the Citect.ini file.

Migration Tool

The Migration Tool is a separate application which should be manually run after the automatic upgrade has been executed, and initiated by you after you have prepared the project for final migration. This tool will accommodate the critical changes in project functionality which are incorporated in version 7.

It is important that you prepare your existing projects for a successful upgrade using this tool. For details on the Migration Tool, and the preparatory steps that you must make prior to its use, refer to the “Migration Tool” topic in the Vijeo Citect on line help after you have installed the application.

8

Chapter 3: Installation Description

Before you begin the installation of Vijeo Citect, you need to first decide which components you want to install. This is determined by the functionality you want the installation to support.

After you have decided on the Vijeo Citect environment, and any additional stand alone components that you want to install, you must refer to Chapter 4, Installation Requirements, to ensure that your hardware and system software meet the requirements for your selected installation.

Once you have progressed through the preliminary dialogs of the installation interface, you will be requested to begin selecting the components that you want to install. The options that the installation interface will present to you are described below.

Task Selection Dialogs

Install Integrated Environment

The first option that you may select is under the category Install Vijeo Citect Integrated Environment.

The options are:

Server

Web Server

The Server option will install a fully functional Vijeo Citect server system. Such an installation will include the Vijeo Citect development environment, runtime infrastructure files, I/O Server, Alarm Server, Trend Server and Reports Server. It also includes by default a “Display Client” installation.

You should select this option if this is an initial installation of Vijeo Citect which will run as a single system, or act as a server to service a number of client installations.

The Web Server performs the server-side functionality of a Web Service to a Web Client. As well as facilitating communication, it directs a client to the graphical and functional content of a Vijeo Citect project and the location of the runtime servers. This information is stored on the Web Server when a Vijeo Citect project is configured as a “deployment”. A Vijeo Citect Web Server can contain multiple deployments.

Install Standalone Environment

The second option, under Install Standalone Environment, allows you to install an additional standalone component of Vijeo Citect.

The options are:

Vijeo Citect WebServer

10

The Vijeo Citect WebServer option will install a Web Server running on Microsoft Internet Information Service (IIS) or Apache Tomcat.

The Web Server performs the server-side functionality of a Web Service to a Web Client. As well as facilitating communication, it directs a client to the graphical and functional content of a Vijeo Citect project and the location of the runtime servers. This information is stored on the Web Server when a Vijeo Citect project is configured as a “deployment”. A Vijeo Citect Web Server can contain multiple deployments.

Note: If the Vijeo Citect Web Server and Vijeo Citect runtime server are set up on different machines, and it is not possible to establish a trust relationship between them, the two machines must be on the same domain so that the Web server can access the directory on the Vijeo Citect server that's hosting the web deployment files. If, conversely, a trust relationship can be established between the Web Server and the Vijeo Citect server, they can be on different domains as long as the Web server has read access to the project folder on the Vijeo Citect server.

Server Components If you selected to install the Vijeo Citect Server from the Install Vijeo Citect Integrated Environment option dialog, you will be presented with the Vijeo Citect Server Components dialog. This allows you to chose one or more additional components to install with the server.

The options are:

Vijeo Citect Web Server

Vijeo Citect Knowledge Base

The Vijeo Citect Web Server option will install a Web Server, as described earlier in his chapter. However, when you select it as an additional option to install with the Vijeo Citect Server, it will automatically install the IIS version of the Web Server. If you wish to install the Apache Tomcat version of the web server you must install the Web Service from the Standalone options in Install Standalone Environment as described earlier in this chapter.

The Vijeo Citect Knowledge Base option will install the Vijeo Citect Knowledge Base. This is a is a steadily growing library of technical articles written to support Vijeo Citect users. It contains the latest information about Vijeo Citect, including answers to questions raised by users, solutions to problems, and general discussions.

The Knowledge Base provides detailed technical support information about Vijeo Citect, and is a supplement to the Vijeo Citect Online Help and printed manuals. Originally intended for developers of complex systems, the Knowledge Base is now a useful tool for all users. The Knowledge Base is updated on a regular basis, and if you have a valid Citect Membership, you can obtain the latest articles directly through the Internet.

Vijeo Citect communicates with any control or monitoring I/O Device that has a communication port or data highway - including PLCs (Programmable Logic Controllers), loop controllers, bar code readers, scientific analysers, remote terminal units (RTUs), and distributed control systems (DCS). This communication takes place with each device through the implementation of a device driver. It is important that these drivers are the latest version.

Chapter 4: Installation Requirements

This chapter describes the requirements for hardware, operating system software and system configuration prior to installing Vijeo Citect and any of its components.

These requirements will vary depending on the components of Vijeo Citect that you intend to install on any computer. Refer to Chapter 3, Installation Description, to determine the components that you want to install. This chapter identifies the basic hardware and system software requirements, as well as requirements specific to each particular component.

Before you begin to install Vijeo Citect it is recommended that you ensure that you have the latest updates installed from Microsoft® for your operating system, and system software.

Integrated Environment

Server The following tables indicate the computer hardware requirements for the Vijeo Citect Server installation and all optional server components.

Note: Due to limitations in the Computer Setup Editor, Project Editor and several input forms in Vijeo Citect it is a requirement that screen resolution should be set at 1024 by 768 pixels or higher.

Description Minimum SpecificationProcessor Intel Pentium 3Processor Speed 1 GHzRandom Access Memory (RAM)

500MB or1GB if running Windows Server 2003, or if running a Web Server (2GB if running both Windows Server 2003 and a Web Server)

Available Disk Space 80GB, or 160GB if running a Web ServerGraphics Adapter (see note below)

With 64MB of VRAM if using Process Analyst

Description Recommended Specification or HigherProcessor Intel Pentium 4Processor Speed 3.2GHzRandom Access memory (RAM)

2GB for all supported operating systems, or 3GB if running a Web Server

Available Disk Space 160GB, or 250GB if running a Web ServerGraphics Adapter (see note below)

With 128 MB of VRAM if using Process Analyst

12

System SoftwareThe following table indicates the system software that is required on any computer onto which you intend to install the Vijeo Citect Server and its optional components.

Note: The target drive for the Web Server software must use an NTFS file system, otherwise you won't have full access to the required Windows security settings (that is, the Folder Properties dialog will not have a Security tab). If you are currently using a FAT/FAT32 system, ensure you convert the drive to NTFS before installing the Web Server software.

Note: Due to limitations in the Computer Setup Editor, Project Editor and several input forms in Vijeo Citect it is a requirement that screen resolution should be set at 1024 by 768 pixels or higher.

Standalone EnvironmentThe following standalone component of Vijeo Citect can be installed independently of the Vijeo Citect Integrated Environment, Server:


For information on the minimum hardware and system software requirements for standalone components, refer to the preceding tables under Integrated Environment in the section Server.

If you choose to install Vijeo Citect WebServer from the Standalone installation option, you will be requested to select the Microsoft Internet Information Services version, or the Apache Tomcat version.

If you select the Apache Tomcat version you will be directed to review other documentation to accomplish the installation. This installation process cannot

Vijeo Citect Component Minimum System Software

Vijeo Citect Server Operating SystemWindows XP Professional with Service Pack 2orWindows 2003 Standard Edition with Service Pack 1andMicrosoft .NET Framework 2.0 (installed with Vijeo Citect if required).Internet Explorer Version 6.0A Local Area Network (LAN) if you intent to have multiple clients access the server.

Vijeo Citect WebServer As for Vijeo Citect Server, with the addition of:A New Technology File System (NTFS).A LAN running TCP/IPandMicrosoft Internet Information Services (IIS) Version 5.0orApache Tomcat 5.5.Tomcat Administration Tool.


As for Vijeo Citect Server.

13

install the Apache Tomcat Web Server. For instructions on how to install the Apache Tomcat version, refer to Installing the WebServer on Apache Tomcat in Chapter 5, “Installation.” Prior to proceeding with the Apache Tomcat version, you will need the additional system software Apache Tomcat Version 5.x installed.

Software Licensing Vijeo Citect uses a hardware key to safeguard against license infringement. The hardware key is a physical key that plugs into either the parallel port or USB port of your computer. The hardware key contains details of your user license, such as type and I/O point limit.

Updating Your Hardware Key

When you upgrade to a new version of Vijeo Citect, you might need to update your hardware key to enable the system to run. See the Vijeo Citect Readme file to confirm whether you need to perform an update.

Updating the hardware key involves running the Vijeo Citect Key Update, which is found in the Help menu of Citect Explorer.

Note: If you have CitectSCADA v5.21 or 5.20, you must run ciusafe.exe from the Citect bin directory. You can also download the latest version of the upgrade program from the Key Upgrade section of the Citect website at www.citect.com.

When you launch the Vijeo Citect Key Update, the program displays a Key ID. The serial number of the hardware key is also displayed if it has been written to the key. If not, read the number from the printed label on the hardware key. To perform the update, visit the Citect web site and enter the serial number. Provided that your Customer Service agreement and license details are valid, an authorization code appears, which you enter in the CiUSAFE dialog.

To update the hardware key:

1 In Citect Explorer choose Help | Citect Key Update. If you have CitectSCADA 5.21 or 5.20, run ciusafe.exe from the Citect bin directory.

A Key ID is displayed. The hardware key's serial number might also appear. If not, read the serial number from the label on the key.

2 Visit http://www.citect.com/ and enter the serial number as prompted. You might also be asked for the Key ID and your web login name and password.

3 The authorization code is displayed. Type the code (or copy and paste it from the web site) into the Authorization Code field in CiUSAFE. Do not use any spaces when entering the characters.

4 Click Update.

The Return Code field indicates whether the hardware key was updated successfully.

For a detailed explanation of the fields in the CiUSAFE dialog, click the Help button on the dialog.

Note: Each time you run the Vijeo Citect Key Update, a different Key ID is displayed. However, if you obtain an authorization code but do not immediately

14

update the hardware key, you can enter the same authorization code the next time you run the update.

Citect License Point Count

The point limit is the maximum number of I/O device addresses (variable tags) that can be read, and is specified by your Vijeo Citect license. Vijeo Citect counts all I/O device addresses dynamically at runtime.

This includes all tags used by alarms, trends, reports, events, pages, in Super Genies, use of the TagRead() and TagWrite() Cicode functions, or read or write using DDE, ODBC, or the CTAPI.

It does not count any points statically at compile time.

Notes:

Dynamic and static points are counted only once, regardless of how many times they are used.

At runtime, the static and dynamic point counts are available through the Kernel and the CitectInfo() Cicode function.

The decision as to whether a resolved tag is counted is based on the existence of a license property associated with the tag. The server adds this property to the tag when it is resolved, so that it is counted. For example, a DISK_PLC tag would not get this property but an I/O tag would.

Existing MEMORY_PLC tags in this version are converted to the new "local variables" during migration. Local variables are stored on the client and resolved on the client. Since the client does not add the licensed property to a tag, it only checks its existence, they are not included in the point count.

When you plan your system you should be aware of your point count so that you do not exceed your point limit. This is particularly important, as at runtime, you can incrementally add to your point count by using tags that have not yet been included in the total count.

When you run Vijeo Citect at runtime, the dynamic point count is continuously checked against your hardware key. When the total number of dynamic points (at runtime) pushes the total point count above the point license limit, Vijeo Citect will immediately shutdown.

Vijeo Citect has two preconfigured 'watermark' messages that will display to the user when the dynamic point count reaches 95% and 98% of their point license limit. You can configure these percentages in the Citect.ini file.

This is a new feature and it means that when the actual point count gets close to the limit a warning is displayed. Two thresholds can be set in the Citect.ini file a maximum of 2 warnings might be displayed before the system stops - in the terms of % of the maximum point count. The default thresholds are 95% and 98%. For details of the settings in the Citect.ini file, refer to the on line help under the Citect.ini topics.

15

Demo Mode You can run Vijeo Citect without the hardware key in demonstration (Demo) mode. Demonstration mode lets you use all Vijeo Citect features normally, but with restricted runtime and I/O.

Note: If you configure Vijeo Citect to run as multiple processes on one CPU or multiple CPUs, you cannot use Vijeo Citect in demo mode. If you run Vijeo Citect as one process, you can use demo mode as with previous versions of Vijeo Citect.

The following demonstration modes are available:

15 minutes with a maximum of 50,000 real I/O.

10 hours with no static points and a maximum of one dynamic real I/O. This is useful for demonstrations using memory and disk I/O. Vijeo Citect starts in this mode if no static points are configured.

If you want to demonstrate DDE, CTAPI, or ODBC writes to Vijeo Citect in this mode, you can only write one point. To write to more than one point, you must force Vijeo Citect to start in 15 minute-50,000 I/O demo mode by creating at least one static I/O point.

For this to work, you must configure a real variable tag, with an accompanying PLC or I/O device. The tag must be used by a page or in Cicode. If you do not have a real I/O device connected, Vijeo Citect gives a hardware error, which you can disable using the IODeviceControl function.

8 hours with a maximum of 42,000 real I/O. This is only available through special Vijeo Citect Integration Partners (CIP) keys.

16

Chapter 5: Installation

The Installation ProcessBefore proceeding with the installation of Vijeo Citect and optional components refer to Chapter 4, Installation Requirements, and ensure that you have the required hardware and system software on the target computer to support the installation.

Note: Ensure that you uninstall version 6.x before installing version 7.0, as Vijeo Citect does not support different versions running side-by-side.

Note: If you have an existing installation of OFS (OPC Factory Server), you will need to uninstall it before proceeding with the installation of Vijeo Citect. To uninstall OFS select OPC Factory Server from the list displayed in the Windows Add or Remove Programs dialog, then follow the on screen instructions.

Additionally, to use the version 7.0 Example and CSV_Example projects, it is recommended that you delete the existing Example and CSV_Example projects using Citect Explorer before starting the installation.

Once you have decided which components of Vijeo Citect you want to install you can perform the installation process by following the steps below.

Preliminary Installation 1 To begin the installation, place the Vijeo Citect Compact Disk in the CD drive of your computer. If you have autorun enabled the initial Vijeo Citect Setup dialog will display. If this does not occur, use Windows Explorer to navigate to the root directory of the CD and click Setup.exe to display the initial Vijeo Citect Setup dialog.

2 When this dialog is displayed, click Next to begin the installation process and display the Welcome to Vijeo Citect dialog.

3 Click Next to display the License Agreement dialog. Read the license agreement, and if you accept the terms of the agreement, select the appropriate radio button, then click Next to display the Environment Selection dialog.

Environment Selection 1 In the Environment Selection dialog choose one of the options in either environment that you want to install by selecting the appropriate radio but-ton. The options are:

Install Vijeo Citect Integrated Environment

Server

Install Vijeo Citect Standalone Environment

Vijeo Citect Web Server

18

2 Click Next to display the subsequent dialog in the installation sequence. The subsequent dialog will depend on the option that you select in this Environment Selection dialog.

If you selected the Server option in the previous step, the next dialog will be the Install Vijeo Citect Server Components dialog. This allows you to install additional components along with the Vijeo Citect Server installation. You can select multiple options from the following list:


Vijeo Citect TimeScheduler

Vijeo Citect Batch

Vijeo Citect Pocket Server


Install Integrated ComponentsOnce you have selected the additional components that you want to install from either the Server installation or the Display / Manager installation click Next to display the Destination Folder dialog.

Go to Completing the Installation.

Install Standalone EnvironmentThe Standalone Environment allows you to select any one of the following Vijeo Citect components:


The following steps will guide you through the installation dialogs that will display for each selection.


1 Select Vijeo Citect WebServer to install a stand alone Web Server, this will display the Installing Vijeo Citect Web Server dialog.

2 In the Installing Vijeo Citect Web Server dialog, select either Web Server on IIS (Internet Information Services), or Web Server on Apache Tomcat, then click Next to display the Destination Folder dialog.

If you select Web Server for IIS from the installation options panel, the installer automatically determines if IIS is installed. An error message is displayed if IIS is not installed. Install IIS before you continue with the Web Server for IIS installation.If this is not the case, the following error message will appear:

Note: Though there is an option on this dialog to install the Web Server on Apache Tomcat, the installation program is unable to install it on Apache Tomcat automatically. It must be installed and deployed manually. For instructions on how to perform a manual installation, refer to Uninstall the Web Server on Apache Tomcat

3 Proceed to Completing the Installation.

19

Completing the Installation

1 The Destination Folder dialog identifies the folders into which the Vijeo Cit-ect program files you have selected will be installed. You may change the folder locations by clicking the Change buttons and selecting alternative locations. If you are installing either one of the Integrated Environments and you change the default location, you can click the Reset button to return the folder selections to the original default locations.

When you are satisfied with the folder selections, click Next.

2 If you are installing either of the Integrated Environments the Base Folder dialog will be displayed. The Base Folder dialog identifies the base folder into which the additional or optional components of Vijeo Citect that you have selected will be installed. You may change the folder location by clicking the Change buttons and selecting an alternative location.

If you are satisfied with the folder selection, click Next to display the Ready to Install the Program dialog.

The Ready to Install the Program dialog lists the Vijeo Citect programs that will be installed. Review the list and if you wish to change the selections click the Back button through the previous dialog until you reach the selection that you want to change. Click Install to install the programs in the list and display the Installing Vijeo Citect dialog.

3 The Installing Vijeo Citect dialog displays a progress bar and identifies the status of the installation. You can click Cancel if you want to terminate the installation.

During the course of the final installation you may be asked to confirm certain actions, depending on the additional components that you have selected to install. In such cases follow the prompts on the dialogs.

When the installation is complete the Setup Completed dialog is displayed which lists a summary of the programs that have been installed. Select the checkbox if you wish to be connected to the Citect online registration web site, otherwise click Finish to complete the installation.

Installing the WebServer on Apache Tomcat

Before proceeding with this part of the installation, ensure that all required system software is correctly installed. For details of the requirement refer to Chapter 4, Installation Requirements,

To install Vijeo Citect runtime on the Tomcat Web Server, you must initially deploy it as recognized application. This requires a “.war” file to be copied to the Tomcat server.

1 Call up the Tomcat Web Application Manager. To do this, direct your browser to the Tomcat launch page (http://localhost:8080/), then follow the Tomcat Manager link.

2 Locate the Deploy panel.

3 In the WAR file to deploy section, use the Browse button to locate the required Vijeo Citect.war file. You can upload this file directly from the Vijeo Citect installation DVD/CD.

4 Click on the Deploy button to add Vijeo Citect to the list of applications.

20

Note: If you click the Vijeo Citect link in the Application table, a login dialog opens. Do not attempt to log in until you have defined the required users and roles for the application. For details, see Chapter 6, Configuring Security Using Apache Tomcat,.

This completes installation of the required components for Vijeo Citect Web Server on Apache Tomcat.

Installing Service Packs Citect distributes upgrades for current versions of Vijeo Citect via Service Packs. A Service Pack is a minor version upgrade of Vijeo Citect executable and/or database files. These files are upgraded to provide bug fixes and necessary enhancements. Enhancements are included only when they will aid in more enhanced debugging of Vijeo Citect Runtime.

When should I install a Service Pack?A Release Note document is distributed when the Citect Support Programmers release a Service Pack. You should read the Release Note and see if it states that a problem you are experiencing has been fixed. If so, then you should apply the Service Pack. However, Service Packs should not be applied on the premise that they fix a problem not stated in the readme.

Service Packs include the fixes or enhancements of all previous Service Packs. So, if you are running a released version, and you install Service Pack C, for instance, you get all fixes and enhancements for Service Pack A and Service Pack B. The Release Note document for each Service Pack also identifies the fixes or enhancements of the previous Service Packs.

How to install a Service Pack:1 Download the required Service Pack, and the associated Release Notes doc-

ument from the Citect support web site.

2 Close all Vijeo Citect applications. Ideally, close all Windows applications.

3 Follow the installation instructions in the Release Notes document specific to that Service Pack, and to the Vijeo Citect components that are installed on your machine.

Modify, Repair, or Remove ComponentsYou can modify, repair or remove installed Vijeo Citect components by using the Windows Add/Remove Programs application available from the Start, Settings, Control Panel menu item.

Note: The Vijeo Citect 7 installation, and the Vijeo Citect Knowledge Base can only be removed using this operation. You cannot Modify or Repair these installations. In order to Modify or Repair those particular installations you need to re-install them from the main Vijeo Citect installation interface.

To perform a Modify, Repair, or Remove follow these steps.

1 From the Start menu select Settings, Control Panel to display the Control Panel window.

2 Select Add or Remove Programs to display the Add or Remove Programs dialog box.

21

3 Locate the Vijeo Citect program on which you want to carry out the operation from the list.

4 If the Change button is present, you can modify or repair the installation. If only the Remove button is available you can only remove the installation, to do so click Remove and follow the prompts on the dialog.

5 If you click the Change button, the Vijeo Citect Installation Wizard will display. Click Next to display the Program Maintenance dialog.

6 On the Program Maintenance dialog, click the radio button for the operation that you wish to undertake and follow the prompts on the dialog.

The available maintenance operations are shown below.

Modify allows you to add Vijeo Citect components that were not installed during the original installation, or remove selected components via the Custom Setup dialog. If you select the Modify operation, when you click the Next button the Custom Setup dialog will be displayed.

Repair the existing Vijeo Citect component installation by reinstalling all non-customizable files in the same location as the previous installation. If any of the files were accidentally deleted or modified, then this option will restore the software back to its original state.

Remove Vijeo Citect component files and remove all the registry entries. This will restore the computer to the state prior to installation of the Vijeo Citect component. If you select the Remove operation, when you click the Next button a message box will display requesting that you confirm or cancel the operation. If you confirm the operation, the Vijeo Citect component will be uninstalled.

Note: The uninstallation of Vijeo Citect does not uninstall the Sentinel Protection Software (used by the hardware protection key). To uninstall this application use the same procedure as for uninstalling Vijeo Citect, but select Sentinel Protection Installer from the list displayed in the Add or Remove Programs dialog, then follow the on screen instructions.

In addition, you will need to separately uninstall OFS (OPC Factory Server) and the OFS Configuration Tool. To uninstall these applications use the same procedure as for uninstalling Vijeo Citect, but select OPC Factory Server from the list displayed in the Add or Remove Programs dialog, then follow the on screen instructions. After OPC Factory Server has been uninstalled, select OFS Configuration Tool from the list displayed in the Add or Remove Programs dialog, then follow the on screen instructions.

Uninstall the Web Server on Apache Tomcat

To uninstall Vijeo Citect runtime on the Tomcat Web Server, you must “undeploy” it as recognized application.

1 Call up the Tomcat Web Application Manager. To do this, direct your browser to the Tomcat launch page (http://localhost:8080/), then follow the Tomcat Manager link.

2 Display the Applications panel.

3 Identify the Vijeo Citect application under the Path column and click Undeploy under the Commands column.

22

Uninstall a Service Pack When a Service Pack is installed, a backup directory is created. This backup directory structure mirrors the Vijeo Citect directory including all subdirectories. Files that were replaced during the Service Pack installation will be backed up in these directories.

To uninstall a Service Pack:

1 Close all Vijeo Citect for Windows applications. Ideally, close all Windows applications.

2 Follow the un-installation instructions in the Release Notes document specific to that Service Pack, and to the Vijeo Citect components, that are installed on your machine.

3 Recompile all your Vijeo Citect projects.

After following this procedure, you will be running the Vijeo Citect version and Service Pack level you were running before installing the latest Service Pack.

Chapter 6: Configuration

In all but the smallest system, Vijeo Citect will be required to operate over a Local Area Network (LAN) or a Wide Area Network (WAN).

For large applications, you can add a LAN to the Vijeo Citect system, or use an existing LAN supported by Vijeo Citect.

You can use NetBEUI, IPX/SPX, TCP/IP, and other network protocols with Vijeo Citect.. Vijeo Citect supports scalable architecture, which lets you initially implement Vijeo Citect on a single computer, or over a small network, and then expand the system later without changing your existing hardware, software, or system configuration.

Using Vijeo Citect on a LAN adds more flexibility to the system, and coordination within large plants can be more easily achieved. You can control and monitor autonomous areas within the plant separately, and interrogate the whole plant using any Vijeo Citect computer on the network if you want.

In any of these scenarios there are basic configurations that must be made for the successful operation of your Vijeo Citect system. The configuration steps are described in this chapter.

Local Area Network Configuration.To set up a local area network (LAN) for Vijeo Citect, you must have successfully installed all (non-Vijeo Citect) network hardware and software in strict accordance with the instructions provided by the manufacturer, and you should also be familiar with the basic operation of the network.

You must install the Vijeo Citect software on every PC you want to use as a Vijeo Citect design-time development machine, runtime Vijeo Citect Display Client, Vijeo Citect I/O server, and Vijeo Citect Alarm, Report, or Trend server.

You must also set up Vijeo Citect for your network, using the Computer Setup Wizard on every one of the machines. To access the Computer Setup Wizard, Open Citect Explorer. In the project list area, select My Projects and double-click the Computer Setup Wizard icon, or choose Tools, Computer Setup.

Note: You must have a compiled project to select in order to run the Computer Setup Wizard.

For a detailed explanation on the Computer Setup Wizard, and its options refer to “Running the Computer Setup Wizard” in the online help.

Network Communications Overview

Using TCP/IP for network communicationsIn version 7.0 Vijeo Citect uses TCP/IP to facilitate communications across a network.

24

To set your system to TCP/IP-based communications, a number of parameters must be set in the citect.ini file. These parameters will be set automatically when you run the Computer Setup Wizard and select TCP/IP, after you have completed the installation of Vijeo Citect. For details of these parameters, and all others, refer to “Citect.ini File Parameters” in the on line help.

You then need to map the name for each server to a TCP/IP address. This is done by setting the server’s network address in the Networking Addresses dialog under the Servers menu in the Vijeo Citect Project Editor.

For example, if you had the following servers in your system:

Citect_IO_1 Citect_IO_2

Citect.PrimaryAlarm Citect.StandbyAlarm

Citect.PrimaryTrend Citect.StandbyTrend

Citect.PrimaryReport Citect.StandbyReport

You will also have to determine the IP address for each machine and add them using the Network Addresses dialog. You can use the DOS command “ipconfig” to obtain this information.

Configuring Communications Over a WAN

You can configure your system for use with wide area networks (WANs).

There are several Citect.INI parameters that work together to achieve the three types of configuration as described below.

LAN parameter settings to allow the use of TCPIP over the WAN.

INTERNET parameter settings to make the computer an FTP server.

LAN parameter settings to allow the use of TCPIP over a WAN A typical arrangement of parameters and settings is shown below. The critical setting is 'Tcpip=1' to enable the use of Windows Sockets by Vijeo Citect. TCPIP does not have the maximum sessions limit that NETBIOS has (maximum of 255 sessions), and so permits more Vijeo Citect communication sessions than NETBIOS allows.

These parameters will be set automatically when you run the Computer Setup Wizard and select TCP/IP, after you have completed the installation of Vijeo Citect. For details of these parameters, and all others, refer to the Citect.ini File Parameters in the on line help.

[LAN]Node=TEST_PC LanA=-1Tcpip=1

You will need to run the Computer Setup Wizard for each I/O server on which you want to enable TCP/IP over the WAN.

Internet parameter settings to enable FTP on an Internet ServerTypical settings to do this are shown in the following example:

25

[INTERNET]Server=1display=patrick (any text password for a display license) manager=jimmeh (any text password for a manager license) RunFTP=1ZipFiles=0LogFile=D:\

You should not make the manager and display passwords the same.

Web Server ConfigurationTo display a live Vijeo Citect project in an Internet browser, you must combine the content of the project pages and the current data these pages present using standard, Web-based communication protocols.

Note: To use the web server you must switch your system over to TCP/IP-based communications. Refer to Network Communications Overview for details of how to do this.

To understand the communication architecture for the Vijeo Citect Web Client, it's easiest to consider the role each of the following components play in achieving this outcome:

Vijeo Citect Web Server - Performs the server-side functionality of the system. As well as facilitating communication, it directs a client to the graphical and functional content of a Vijeo Citect project and the location of the runtime servers. This information is stored on the Web Server when a Vijeo Citect project is configured as a “deployment”. A Vijeo Citect Web Server can contain multiple deployments.

Vijeo Citect Runtime Servers (including the I/O Server, Alarms Server, Trends Server and Report Server) - Monitor the physical production facility and contain the live variable tag data, alarms and trends that the Web Client will display.

Web Client - provides the platform to merge a deployed project's pages and content with the raw data drawn from the runtime servers. Again, standard Web technologies are required, so the client uses Microsoft Internet Explorer.

Once you've installed Vijeo Citect Web Server for IIS, you will find the following directories under the Vijeo Citect destination folder.

The WebServer directory primarily hosts the administrative pages that are displayed by a Web Server.

The cgi-bin and images directories contain the content required to display these pages.

The client folder contains the client components (.cab files) that are delivered to a remote computer to run a deployment. Any subdirectories

26

includes the components associated with a particular release (in this case, Version 7.00).

The deploy folder includes the files associated with any deployments (Vijeo Citect projects) configured on the Web Server.

The #displayclient folder (located in the Deploy folder) plays a key role in the Web Server security, as the permissions defined for this folder determine the access rights for each user.

The locales folder contains the files required to support different languages for the client interface. See also Implementing Multiple Language Support.

The IIS Virtual Directory The installation process also adds a virtual directory called Vijeo Citect to Windows IIS (Internet Information Services). This virtual directory establishes the Web Server as a valid destination for client applications. However, it also plays an important role in managing which users have access to the site.

You can view evidence of this virtual directory in the IIS management console, which is launched by selecting Internet Information Services from Windows' Administration Tools menu. The Vijeo Citect virtual directory should appear under the list of default web sites.

You can view the properties for the directory by selecting Properties from the right-click menu.

The Virtual Directory inherits all security settings from the computer's default web site, with the following exceptions:

Directory Browsing is enabled

Script Source Access is disabled

The default document is set to default.htm only

Anonymous access is disabled

Integrated Authentication is disabled

Basic Authentication is enabled

These security settings, including integrated authentication, anonymous access and SSL Encryption, can be customized by the local administrator. However, proper configuration requires experience with IIS and an understanding of the implications of adjusting its settings.

Setting Up SecurityIf you intend to use a Web Server/Client for communications in your Vijeo Citect system there are configuration requirements for both the server and the client. The major configuration required is that of security on the server. The method of setting security differs depending on whether the web server is running on Microsoft Internet Information Services (IIS) or Apache Tomcat.

Security on the Web Server is based on the implementation of user accounts.

27

In the case of an IIS-based Web server, security is tightly integrated with Windows user authentication. With an Apache Tomcat Web Server, the access rights for each user type is defined through the creation of “roles”.

For information on setting security on each of these, refer to Configuring Security Using IIS or Configuring Security Using Apache Tomcat.

Web Client user account types

Both systems support the same three user account types on a Web Client.

The Web Server tests the access rights for each user when they log in and then displays or hides the appropriate buttons on the home page accordingly.

Note: Although the Web Client security architecture controls access to your projects on the Web Server, the Vijeo Citect system security (privilege/area settings) still manages protection of the control system, maintaining a primary level of security.

Configuring Security Using IIS

Setting up security on an IIS-based Web Server primarily involves creating three Windows user groups, each representing one of the Web Client user account types. Individual users can then be assigned to the relevant user group, and automatically inherit appropriate access rights based on the Windows security settings defined for the group.

Client Type Access Rights The following table defines the access rights that each type of user has to the Web Server's installed directories, as defined by the properties for each.

In the table, read means Read & Execute, List Folder Contents and Read user permissions are allowed; read and write means Full Control is allowed, and access denied means Full Control is denied.

For example, an administrator client needs to be able to read all the installed folders to fully access the components of the home page. Additionally, they need write access to the Deploy subdirectory to create new deployments.

By comparison, a manager client must be denied access to the #displayclient folder to prevent the ability to write back to a Vijeo Citect project.

Client type Description Administrator User is permitted to remotely view, add, update and delete deployments. Display Client User can view project pages and make adjustments to writable values. Manager Client User can only view the project pages.

Installed directory ADMINISTRATOR DISPLAY MANAGERWebServer read read readWebServer \ cgi-bin read read readWebServer \ client read read readWebServer \ deploy full control read readWebServer \ deploy \ #displayclient

read read access denied

WebServer \ images read read read

28

Therefore, when setting up security on the Web Server, you need to make sure that your user accounts align appropriately with the permissions outlined in the table above.

To implement the Web Server’s security strategy successfully, you should follow the procedure below to protect your system, and simplify managing client accounts.

The ongoing management of your Web Server security should then involve adding and removing individual accounts as required.

Notes:

The installation and initial configuration of the Web Server must be performed by a Windows user with local administrator permissions; that is, they must be able to add and edit Windows User accounts, and modify file/folder protection. This capability is required to set up Web Client user accounts and manage security settings.

It is important to understand the distinction between the role of the Windows Local Administrator, and the Web Client’s Administrator users:

Windows Administrator - configures security on the Web Server and sets up client accounts.

Web Client Administrator - an end user capable of modifying and managing projects deployed on the Web Server.

The two roles parallel a Vijeo Citect configuration engineer and a runtime operator.

Configuring Client Account User Groups Creating a user group associated with each type of Web Client account on your Web Server allows you to manage security without having to deal with individual users. Users are then added to a group and inherit the security status set for the group.

To create a User Group on the Web Server computer, you must log in to Windows with Local Administrator permissions.

To create the client account user groups:

1 From the Computer Management tool, locate Local Users and Groups in the directory tree. This is where the users and groups for the local machine are configured and managed.

2 Right-click the Groups folder and select New Group. This displays the New Group dialog.

3 In the Group Name, type Web Client Administrator (or something appropriate), and describe the group's purpose.

4 Click Create.

The group you have just created should appear in the list of groups presented in the Computer Management console.

Repeat the steps above to create Display Client and Manager Client user groups.

To test your security settings, you should add at least one user to each group.

29

Preparing the Web Server folder You need to set the security settings for the WebServer folder and its sub-directories, as this will determine the access granted to each type of client account.

To prepare the WebServer folder:

1 Log on to the Web Server computer as a Windows Administrator.

2 Launch Windows Explorer and browse to the WebServer folder.

The WebServer folder is located in the installation directory. By default, this is C:\ProgramFiles\Schneider Electric\Vijeo Citect\WebServer on the web server computer.

3 Right-click the WebServer folder and select Properties.

4 From the Properties dialog, select the Security tab to display the users currently configured for the folder.

There will probably be several groups already defined in this folder. The two you need to pay attention to are the Administrators group and the Everyone group.

The Administrators group represents all the Windows users recognized by the Web Server computer with Local Administrator rights. This group has Full Control permissions on the folder, facilitating the ability to adjust the Web Server security settings. If this is the case, there should be no reason to modify this group.

The Everyone group represents all other users recognized by the local machine. You should give this group the following access to the WebServer folder; allow Read & Execute, List Folders Contents, and Read permissions. This provides local users on the Web Server machine with the equivalent of Display Client permissions.

If there are other groups defined for the Web Server folder, you might want to remove these groups to simplify managing your Web Client accounts.

5 Add the three groups that you created in Configuring Client Account User Groups to the WebServer folder.

6 Confirm the security settings for the three newly created groups. Each should have the same access as the Everyone group: Read & Execute, List Folders Contents, and Read permissions.

7 Ensure all the subdirectories inherit the permissions set for the WebServer folder. To do this click the Advanced button on the Security tab of the properties dialog, and select Replace permission entries on all child objects, then click OK.

This ensures consistent security settings across all the installed directories. A Security dialog might appear warning that this will “remove or reset explicitly defined permissions on child objects”. Click Yes to continue.

30

Setting Access Rights for Client Accounts The three client account types supported by the Web Client are defined by the security settings for each within the installed directories on the Web Server machine.

The differences, outlined in the table in Client Type Access Rights, require specific security settings for the Administrator Client and Manager Client types. An Administrator needs write access to the Deploy subdirectory, and the Manager needs to be denied access to the #displayclient subdirectory.

To configure security setting for the Administrator Client group:

The Administrator Client requires full access to the Deploy subdirectory to enable the creation and modification of deployments.

1 Locate the Deploy subdirectory in the Web Server folder. By default, this is C:\ProgramFiles\Schneider Electric\Vijeo CitectWebServer\Deploy.

2 Right-click the folder and select Properties to display the Deploy folder properties.

3 Click the Security tab and locate the Web Client Administrator group you created in the list of users and groups.

4 Edit the permissions set for the group to Allow Full Control.

To configure the security settings for the Manager Client group:

The Manager Client must be denied access to the #displayclient subdirectory to prevent write changes being made to a deployed Vijeo Citect project.

1 Locate the #displayclient subdirectory in the Web Server folder. By default, this is C:\ProgramFiles\Schneider Electric\Vijeo CitectWeb-Server\Deploy\#displayclient.

2 Right-click the folder and select Properties to display the folder properties.

3 Click the Security tab and locate the Web Client Manager group you created in the list of users and groups.

4 Edit the permissions set for the group, which you should change to Deny Full Control.

5 A Security dialog appears warning “Deny entries take priority over all Allow entries”. Click Yes to continue.

Note: The Display Client group needs no additional configuration, as it uses the settings outlined in Preparing the Web Server folder.

It is critical that security permissions are set accurately in order for the web server to operate correctly. If you experience any problem with communicating from the web client check that the security settings are correct for your installation.

Deleting a User Account You can deny a user access to the Web Server by removing them from the groups that have permissions set for the Web Server folder.

However, if security is a concern, you should deny the user access to the Web Server folder before you delete them. This avoids a known problem where the

31

operating system doesn't immediately acknowledge that a user account has been deleted, creating a short period where a deleted user can still log on.

To securely delete a user account

1 Add the user as an individual to the Web Server folder.

2 Set their access rights to Deny Full Control.

3 Remove the user from the groups that have permissions set for the Web Server folder.

With all access denied, they cannot do anything even if they gain access.

Testing the Web Server Security Settings

To test the security settings for your Web Server client groups:

1 Launch Internet Explorer on the Web Server machine.

2 Call up the Web Client home page by typing in the following address:

http://localhost/Citect

3 Log in to the home page using a user name and password that's been added to the Administrator Client group.

If successful, the System Messages dialog should read “LOGINADMIN Admin (UserName) logged in”.

If the message starts with LOGINDC (for Display Client) or LOGINMC (for Manager Client), there is a problem with your configuration. Confirm that you are using the correct user name for the group you are testing. If the problem still occurs, revisit the process in Setting up security using IIS to ensure an error hasn't been made.

4 Repeat this process with a Display Client and Manager Client user.

Once you have confirmed that security is correctly set up on the Web Server, you can now prepare your Vijeo Citect project for deployment. For more information see Configuring a deployment in the online help.

Logging on to the Web Server

After setting up your client accounts, you must provide the following details to each end user so they can log on to the Web Server:

Address of the Web Server

This is the address users have to type into their Web browser to gain access to the Vijeo Citect Web Server.

If they are doing this remotely, the address is:

http://<machine name>/Citect

or

http://<machine IP address>/Citect

If they are logging on to the Web Server computer, the address is:

http://localhost/Citect

User name and password

32

Once the browser has arrived at the Web Server, the end user is asked to provide a user name and password. Typically, you just need to tell them that their Windows user name and password will provide appropriate access. If you had to create a new user profile for someone, you must provide them with the details.

Once you have finalized the security setup on the Web Server, you are ready to prepare your Vijeo Citect projects for deployment.

Configuring Security Using Apache Tomcat

The Web Client user accounts types are defined on a Tomcat Web Server through the creation of “roles”. Each user is assigned a role when they are configured in the Tomcat Administration Tool, providing a level access appropriate to their associated Web Client account type.

The roles that need to be defined on the Tomcat Web Server are as follows.

To configure users and roles using the Tomcat Administrator

1 On the Tomcat Server, call up a browser and direct it to the installed Apache Tomcat Home page, using one of the following addresses:http://127.0.0.1:8080

or

http://localhost:8080/

2 Click the Tomcat Administration link to display the Tomcat Web Server Administration Tool login page (http://127.0.0.1:8080/admin).

3 Type in the User Name (for example, admin) and Password you provided during the installation of Tomcat, and click Login.

4 On the Administration Tool page, select Roles from the User Definition section of the contents tree. This displays a list of all existing roles on the Tomcat Server.

5 Choose Create New Role from the list of available Role Actions to display the Create New Role Properties form.

6 Type in the role name citectadmin and a description if required, then click Save.

7 Repeat the previous step, to create the roles citectdisplayclient and citectmanagerclient. When complete select Commit Changes.

You are now ready to add the three Tomcat users that correspond to the Web Client account types.

8 Select Users from the User Definition section of the contents tree to display a list of all existing users on the Tomcat Server.

9 Select Create New User from the list of available User Actions to display the Create New User Properties page.

Role Web Client account type Descriptioncitectadmin Administrator User can remotely view, add, update, and delete

deployments.citectdisplayclient Display Client User can view project pages and adjust writable values.citectmanagerclient Manager Client User can only view project pages.

33

10 Type the user name citectwebadmin and a password, then select the checkboxes next to the following roles:

citectadmin

citectdisplayclient

citectmanagerclient

11 Repeat the previous step to create the user citectwebdc. Associate the following roles:

citectdisplayclient

citectmanagerclient

12 Repeat the step again, this time creating the user citectwebmc. Associate the role:

citectmanagerclient

Note: The role names must be identical to “citectadmin”, “citectdisplayclient” and “citectmanagerclient”, and are case-sensitive.

13 Once you have created the three users, Click Commit Changes.

Note:

You can define your own user names; however, any user you create must have at least the “citectmanagerclient” role associated with them.

If you wish, you can create “Groups” to control several users.

To test the security settings for your Tomcat Web Server client groups:

1 Launch Internet Explorer on the Web Server machine.

2 Call up the Web Client home page by entering the following address: http://localhost:8080/Citect

Note: “8080” represents the port defined for your Tomcat Server; 8080 is the default.

3 Log in with the administrator user profile you have created; for example, “citectwebadmin”.

If successful, the Vijeo Citect Web Client Deployment page appears. The System Messages dialog should read “LOGINADMIN Admin citectwebadmin logged in”.

4 Repeat this process with the Display Client and Manager Client profile, “citectwebdc” and “citectwebmc”.

Once confirming that security is correctly set up on the Web Server, you are ready to distribute login information to your client users.

Logging on to the Tomcat Web Server

Once you have set up your client accounts, you must provide the following details to each end user so they can log on to the Web Server:

Address of the Web Server

34

This is the address they will have to enter into their Web browser to gain access to the Vijeo Citect Web Server.

If they are doing this remotely, the address is:

http://<machine name>:8080/Citect

or

http://<machine IP address>:8080/Citect

Note: “8080” represents the port defined for your Tomcat Server; 8080 is the default.

If they are logging on using the Web Server computer, the address is:

http://localhost:8080/Citect

User name and password

Once the browser has connected to the Web Server, the user will be asked for a user name and password.

Typically, you will just need to provide them with the user name that offers the appropriate level of access; for example, “citectwebadmin” if they require full access, or “citectwebmc” if they only require read-only access.

If you created a specific user profile for a particular person, you will have to provide them with the details.

Once you have finalized the security setup on the Web Server, you are ready to prepare your Vijeo Citect projects for deployment.

IndexAAddress, 33architecture, 5

BBase Folder dialog, 19Batch, installing, 18

CCitect license point count, 14Citect.ini parameters, 24CiUSAFE dialog, 13clustering, 4Computer Setup Wizard configuration, 23configuration, 23

Ddemo mode, 15description

Integrated Environment, 9Knowledge Base, 10Server, 9Standalone Environment, 9Web Server, 9, 10

Destination Folder dialog, 18

Hhardware alarms, 5hardware key, 13

Iinstallation

Environment Selection, 17Integrated Environment, 17Standalone Environment, 17

installation modify, repair or remove, 20Installation Requirements, 11Installing dialog, 19Installing Web Server, 18Integrated Environment, 9

IPX/SPX, 23

KKey ID, 13key update, 13Knowledge Base, 10Knowledge Base, installing, 18

LLAN, 23License Agreement dialog, 17license points

dynamic, 14static, 14

local variable, 6, 7logging on to Tomcat Web Server, 33

Mmemory mode, 5migration, 3Modify, 21Modify, Repair, or Remove, 20

NNetBEUI, 23Network Support, 3new features, 3new functionality, 3

Oonline changes, 4

Ppersist mode, 5, 6Pocket Server, installing, 18preliminary installation, 17Program Maintenance dialog, 21

RReady to Install the Program dialog, 19Remove, 21Repair, 21Requirements

36

hardware, 11IIS, 12LAN, 12NET Framework, 12operating system, 12Processor, 11RAM, 11System Software, 12Tomcat, 12

SServer, 9Server Components dialog., 18service pack

installing, 20uninstalling, 22

Setup dialog, 17

TTCP/IP, 3, 23TCP/IP setup, 23TimeScheduler, installing, 18Tomcat Web Server address, 34

WWAN, 23WAR file, 19Web Client

logging on to Tomcat Web Server, 33Tomcat Web Server address, 33

Web Server, 9, 10installing, 18on Apache Tomcat, 18on IIS, 18

Installation Guide

Documents

trademarks of novell

tomcat web server

vijeo citect version

web server folder

web server security

contents chapter

configuration guide

web server31